Ingeniería en Sistemas, Electrónica e Industrial
Permanent URI for this community: http://repositorio.uta.edu.ec/handle/123456789/1
5 results
Search Results
Item
Análisis de vulnerabilidades mediante pruebas de penetración en los servidores del departamento financiero de la Empresa Eléctrica Ambato Regional Centro Norte S.A.
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2024-08) Ruilova Romero, Rosana Emperatriz; Buenaño Valencia, Edwin Hernando
The purpose of this research project is to conduct a vulnerability analysis on the servers of the Financial Department of Empresa Eléctrica Ambato Regional Centro Norte S.A., which will allow for the mitigation of risks associated with the loss or leakage of information. For the development of the project, the Deming Cycle, also known as PDCA (Plan, Do, Check, Act), is used. This methodology ensures effective management and continuous improvement of the research. By complementing the Deming Cycle with the specific phases of pentesting, systematic control of each stage is guaranteed, namely: Reconnaissance, Vulnerability Analysis, Exploitation, Privilege Escalation, and Reporting. The integration of the PDCA methodology with the phases of a pentesting project guarantees efficient management, oriented towards continuous improvement and the protection of the Financial Department's IT systems. With the development of the research, IT security improvements will be implemented on the Financial Department's servers, mitigating risks to services and ensuring the availability of information. This research allows for the identification and correction of critical vulnerabilities, which contributes to maintaining a more secure IT infrastructure. In doing so, digital assets are safeguarded, and the trust and satisfaction of all clients are reinforced.

Item
Plan de contingencia informático basado en la Norma ISO 27001 para el área de TI de la Empresa Pública Municipal Gestión Integral de Desechos Sólidos de Ambato (EPM-GIDSA).
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2024-08) López Martínez, Luis Andrés; Chicaiza Castillo, Dennis Vinicio
Today, the information and data managed by companies are massive, making it crucial to ensure their availability, quality, and integrity. Alongside systems, services, and processes, these form highly valuable IT assets that must be safeguarded to uphold corporate image, competitiveness, and compliance. An IT contingency plan mitigates risks in the event of threats or disasters, maintaining crucial business operations' continuity during incidents until systems and services are fully restored. Vital information must be protected to prevent leaks, alteration, or unavailability. This research project proposes designing an IT Contingency Plan based on the latest 2022 version of the international standard ISO 27001 for Empresa Pública Gestión Integral de Desechos Sólidos de Ambato (EPM-GIDSA). It will analyze threats and vulnerabilities of its most critical IT assets. The plan will aid recovery from disasters or unforeseen events jeopardizing business continuity, outlining actions before, during, and after incidents to prevent information loss and restore IT systems to operational status.

Item
Sistema de gestión de seguridad de la información (SGSI) basado en la Norma ISO 27001 para el control de la seguridad informática de la empresa Epc-Compu de la ciudad de Ambato
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Tecnologías de la Información, 2023-09) Sailema Fiallos, Soraya Cristina; Balarezo, Julio Enrique
Currently, data has become a valuable resource for organizations, and its control demands a thorough analysis in order to protect it from the possible risks to which it is exposed. In this manner, the aim is to ensure the integrity, confidentiality and accessibility of information. The present research project aims to implement an information security management system (ISMS) based on the ISO 27001 standard for the control of computer security of the company EPC-COMPU in Ambato city. First, a study of ISO 27001 was carried out to create a manual based on the ISO 27001:2013 standard, which contains the necessary points that must be followed to correctly implement an Information Security Management System. Then an analysis of the current state of computer security was performed through the collection of information from interviews and an observation sheet, which provided a starting point for the design of the ISMS. An analysis of the critical processes of the company EPC-COMPU was carried out to perform a risk assessment in order to identify and analyze the vulnerabilities and threats involved in the management of information security; for this analysis, the necessary controls of the ISO 27001 standard were selected. Then risk management was carried out, identifying prevention, detection and correction by consequence, detailed in the contingency plan. Finally, monitoring and control processes were developed to define the activities with their respective managers.

Item
Auditoría informática aplicando la Norma ISO 27001 para optimizar la seguridad de la información en el Departamento de Tic’s del Centro de Investigación y Desarrollo FAE.
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2022-06) Chagmana Pomaquero, Remigio Leonel; Mayorga Mayorga, Franklin Oswaldo
At present, information is one of the most important assets within any organization; its security and administration require a complete analysis to identify any risk to which it is exposed, so that the integrity, confidentiality and availability of the information are optimally guaranteed. The purpose of the research project is to minimize risks and provide security to the information that is handled daily in the ICT Department of the FAE Research and Development Center, through the application of information security policies that are based on the ISO 27001 standard. First, an analysis of the current state of security in the ICT Department was carried out through the application of interviews and surveys, which were applied to the Chief and the employees of the aforementioned department. The methodology used was based on the Deming cycle, which is made up of 4 phases (Plan, Implement, Verify and Act), in which each phase constitutes activities that allow planning, determining its scope, making an inventory of information assets and the valuation of assets with the aim of determining and analyzing the risks, threats and vulnerabilities that intervene in the management of information security. Afterwards, an Information Security Plan was prepared in which the Scope, Characterization, Risk Analysis and the Creation of new Information Security Policies will be defined for approval and application in the ICT Department of the FAE Research and Development Center. With this, it is expected that the Head and employees of the Department comply with the policies established to guarantee adequate control in the areas where there are shortcomings in terms of information security, and maintain constant monitoring in the corresponding areas.

Item
Plan de contingencia informático basado en la norma ISO 24762:2008 para el departamento de tecnologías de la información del Gobierno Autónomo Descentralizado de la Municipalidad de Ambato
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2022-03) Nuñez Santamaría, Adriana Cristina; Balarezo, Julio
A computer contingency plan for the IT (Information Technologies) department of the Autonomous Decentralized Government of the Municipality of Ambato aims to identify risks, whether of natural or human origin, that may occur and cause damage to the most important assets. By means of this, the risks may be reduced or mitigated, and in this way the information can be protected to guarantee its confidentiality, integrity and availability, for the normal functioning of the activities that the institution offers to all citizens. The IT department is in charge of administering and managing in the best way the information and services of the institution, which may be exposed to threats that harm its confidentiality, integrity and availability, partially or totally interrupting the operations of the institution. For this reason, an updated IT contingency plan must be in place to reduce any IT eventualities that may arise, so that the institution continues to operate. This research project proposes the Design of a Computer Contingency Plan based on the ISO 24762:2008 standard, which describes the guidelines for Information and Communications Technology disasters. The plan will describe what actions to take in the event of a catastrophic event that affects the continuity of the institution's activities, reducing the impact of mitigation measures before, during and after the materialization of threats, and thus prevent the loss of valuable information for the institution.